Headline
Ubuntu Security Notice USN-6544-1
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
==========================================================================Ubuntu Security Notice USN-6544-1December 11, 2023binutils vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in GNU binutils.Software Description:- binutils: GNU assembler, linker and binary utilitiesDetails:It was discovered that GNU binutils incorrectly handled certain COFF files.An attacker could possibly use this issue to cause a crash or executearbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-38533)It was discovered that GNU binutils was not properly performing boundschecks in several functions, which could lead to a buffer overflow. Anattacker could possibly use this issue to cause a denial of service,expose sensitive information or execute arbitrary code. This issue onlyaffected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.(CVE-2022-4285, CVE-2020-19726, CVE-2021-46174)It was discovered that GNU binutils contained a reachable assertion, whichcould lead to an intentional assertion failure when processing certaincrafted DWARF files. An attacker could possibly use this issue to cause adenial of service. This issue only affected Ubuntu 20.04 LTSand Ubuntu 22.04 LTS. (CVE-2022-35205)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: binutils 2.38-4ubuntu2.4 binutils-multiarch 2.38-4ubuntu2.4Ubuntu 20.04 LTS: binutils 2.34-6ubuntu1.7 binutils-multiarch 2.34-6ubuntu1.7Ubuntu 14.04 LTS (Available with Ubuntu Pro): binutils 2.24-5ubuntu14.2+esm6 binutils-multiarch 2.24-5ubuntu14.2+esm6In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6544-1 CVE-2020-19726, CVE-2021-46174, CVE-2022-35205, CVE-2022-38533, CVE-2022-4285Package Information: https://launchpad.net/ubuntu/+source/binutils/2.38-4ubuntu2.4 https://launchpad.net/ubuntu/+source/binutils/2.34-6ubuntu1.7Related news
Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.
Ubuntu Security Notice 6413-1 - It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks when processing debug sections with objdump, which could lead to an overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
An update for devtoolset-12-binutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3826: A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service. * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of servi...
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for gcc-toolset-12-binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.